Mailinglist Archive: opensuse-security (564 mails)

["Marko Saha" <marko.saha@xxxxxxxxx>]

Hi all!

Today I found that i couldn't connect to my SuSe 7.0 Linux box through ssh
and the console were dead. After switching the power and looking through
logfiles I found this:
-----
Jan 12 05:25:29 webhost kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:30587 255.255.255.255:30591 L=28 S=0x00 I=12830 F=0x0000 T=1 (#40)
Jan 12 05:25:29 webhost kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:30587 255.255.255.255:30591 L=28 S=0x00 I=12878 F=0x0000 T=1 (#40)
Jan 12 05:25:29 webhost PAM-unix2[1378]: bad username [  ]
Jan 12 05:25:29 webhost login[1378]: FAILED LOGIN 1 FROM /dev/tty1 FOR
UNKNOWN, User not known to the underlying authentication module
-----

After that last entry there was nothing in /var/log/messages until after
I've reseted the box. The box is at home so there are no other than I who
have console access.

I'm running custom made ipchains rules that blocks all but ssh, ntp and
http.

Do you people on the list have any ideas what could have happend?

Thanks,
Marko

marko.saha@xxxxxxxxx